Mobile devices: The next eDiscovery wave?
Smart phones and tablets are now critical sources of unique ESI for corporate executives and other critical personnel. But how should organizations start the behemoth task of preserving and collecting this information for civil discovery?
By Greg Buckles
August 29, 2012 — CSO —
Ready or not, it is time for corporate legal and MIS departments to accept the fact that real and unique corporate Electronically Stored Information (ESI) resides on mobile devices such as iPhones, Blackberrys and tablets. Until recently, most lawyers exempted these devices from preservation and collection obligations with a wide variety of arguments; too difficult, redundant content, inaccessible, lack of explicit caselaw and bipartisan agreements. The rise of the mobile workforce, integrated communications, mobile apps and more have combined to make smart phones and tablets critical sources of unique ESI for corporate executives and other critical personnel. If we accept that mobile devices must be preserved and collected for civil discovery, then we get to the hard question of how to do it.
A quick walk through the history of mobile device forensics will help to understand where the wide array of current forensic extraction technology has come from. Criminal eDiscovery has always blazed the path for civil eDiscovery. The current wave of mobile device discovery is no different in this respect than the earliest wave of large volume email collections and productions in the Enron related investigations in the 2000-2002 period.
Forensic acquisition, extraction and analysis started with relatively crude, manual command line tools that required an expert to run and testify to. Over time, these have evolved into sophisticated programs with wizards and other mechanisms that help to make this functionality accessible to a reasonably competent user with minimal training, such as we have seen with Michigan state troopers analyzing cell phones on road stops.
Just like computers, the earliest forensic cell phone acquisitions in the early 1990's used bit-copy imaging of the phone memory and the SIM cards. An investigator had to essentially 'read' the raw binary or hex code and translate it into call logs or wave files (voice messages) for prosecutors. Nascent PDA phones like the early BlackBerry released in 1999 dramatically increased business usage and the complexity of the data to be extracted. RIM brought the first smart phone to market in 2002 with an actual Operating System (OS) that could handle real email. Susteen claims to have brought the first commercial forensic cell phone software to market with their Secure View 1 product. The introduction of cell phone forensic technology in the 2003-2006 time period corresponds to the jump in business use and the explosion of civil eDiscovery. The NIST Computer Forensic Tool Testing project published their first mobile device Tool Specification in November 2007. Apple released the iPhone in 2007, which was the equivalent of dumping rocket fuel on the executive bonfire. Every C-level executive had to have one.